Widespread httpoxy vulnerabilities affect server-side web apps

A new, branded set of vulnerabilities has been revealed by security researchers, this time responsibly and without too much fanfare. The collective name given to the vulnerabilities is httpoxy. They affect server-side web applications only – application code running in Common Gateway Interface (CGI), or CGI-like environments. “If a vulnerable HTTP client makes an outgoing HTTP connection, while running in a server-side CGI application, an attacker may be able to proxy the outgoing HTTP requests … More →